Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zikula | Zikula Application Framework | <= 1.2.4 |
Related Weaknesses (CWE)
References
- http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.htmlExploit
- http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
- http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zi
- http://openwall.com/lists/oss-security/2011/02/01/1Exploit
- http://openwall.com/lists/oss-security/2011/02/03/1Exploit
- http://seclists.org/fulldisclosure/2011/Feb/0Exploit
- http://secunia.com/advisories/43114Vendor Advisory
- http://securityreason.com/securityalert/8067
- http://www.osvdb.org/70751
- http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.htmlExploit
- http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
- http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zi
- http://openwall.com/lists/oss-security/2011/02/01/1Exploit
- http://openwall.com/lists/oss-security/2011/02/03/1Exploit
- http://seclists.org/fulldisclosure/2011/Feb/0Exploit
FAQ
What is CVE-2011-0535?
CVE-2011-0535 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privi...
How severe is CVE-2011-0535?
CVE-2011-0535 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0535?
Check the references section above for vendor advisories and patch information. Affected products include: Zikula Zikula Application Framework.